Buffered SQL for authentication failures?
John Morrissey
jwm at horde.net
Wed Aug 5 19:11:33 CEST 2009

I'm in the process of replacing OSG's Radiator with FreeRADIUS. I have our
relatively complex configuration mostly ported, but a few things have left
me stumped.

I'd like to write authentication failures to an SQL database using a detail
listener so they're buffered, as with accounting:

    detail detail.auth {
        detailfile = ${radacctdir}/detail-auth
        detailperm = 0600
        header = "%t"
    }

    post-auth {
        Post-Auth-Type REJECT {
            detail.auth
        }
    }

    server buffered-sql-auth {
        listen {
            type = detail
            filename = ${radacctdir}/detail-auth
            load_factor = 100
        }
        post-auth {
            sql
        }
    }

Detail entries are picked up by the listener, but it never seems to do
anything with them:

    Going to the next request
    Waking up in 0.7 seconds.
    Polling for detail file /var/log/freeradius/radacct/detail-acct
    Polling for detail file /var/log/freeradius/radacct/detail-auth
    detail_recv: Renaming /var/log/freeradius/radacct/detail-auth -> /var/log/freeradius/radacct/detail-auth.work
    detail_recv: Read packet from /var/log/freeradius/radacct/detail-auth.work
        Packet-Type = Access-Reject
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.254
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Acct-Delay-Time = 0
    server buffered-sql-auth {
    } # server buffered-sql-auth
    Finished request 7.
    Cleaning up request 7 ID 41800 with timestamp +263

It looks like detail_recv() explicitly sets its RAD_REQUEST_FUNP to
rad_accounting:

    *pfun = rad_accounting;

I haven't looked much into the FreeRADIUS source yet; is it reasonably easy
to determine/loop through the configured handlers for the detail listener to
support a situation like this? Is there a better way of doing this?
john
--
John Morrissey _o /\ ---- __o
jwm at horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
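
An out-of-band way to get the same buffering, as an added example that is not part of the original post and is not FreeRADIUS code: parse the entries that detail.auth writes and insert the Access-Reject records with bound parameters, since User-Name is supplied by the rejected client. The sample entries, the auth_failures table and the in-memory SQLite database used to exercise it are assumptions standing in for the real detail file and schema.

```python
import sqlite3

# Constructed sample in rlm_detail layout: a header line (the "%t" timestamp),
# tab-indented "Attribute = value" lines, and a blank line ending each entry.
SAMPLE_DETAIL = (
    "Wed Aug  5 19:11:33 2009\n"
    "\tPacket-Type = Access-Reject\n"
    "\tUser-Name = \"alice\"\n"
    "\tNAS-IP-Address = 192.0.2.10\n"
    "\tTimestamp = 1249492293\n\n"
    "Wed Aug  5 19:11:40 2009\n"
    "\tPacket-Type = Access-Reject\n"
    "\tUser-Name = \"mallory' --\"\n"
    "\tNAS-IP-Address = 192.0.2.10\n"
    "\tTimestamp = 1249492300\n\n"
)

def parse_detail(text):
    """Yield one dict per detail entry, with the header line under '_header'."""
    entry = None
    for line in text.splitlines():
        if not line.strip():                 # blank line closes an entry
            if entry:
                yield entry
            entry = None
        elif line[0] in " \t":               # indented attribute line
            if entry is None:
                continue                     # attribute without a header: skip
            name, sep, value = line.strip().partition(" = ")
            if sep:
                if len(value) >= 2 and value[0] == value[-1] == '"':
                    value = value[1:-1]      # strip quotes; escapes left as written
                entry[name] = value
        else:                                # unindented line starts a new entry
            if entry:
                yield entry
            entry = {"_header": line}
    if entry:
        yield entry

def load_rejects(db, text):
    """Insert Access-Reject entries with bound parameters; return the count."""
    db.execute("CREATE TABLE IF NOT EXISTS auth_failures "
               "(username TEXT, nas_ip TEXT, logged_at INTEGER)")
    rows = [(e.get("User-Name"), e.get("NAS-IP-Address"), int(e.get("Timestamp", 0)))
            for e in parse_detail(text) if e.get("Packet-Type") == "Access-Reject"]
    db.executemany("INSERT INTO auth_failures VALUES (?, ?, ?)", rows)
    db.commit()
    return len(rows)
```

A loader like this should rename the detail file before reading it, as the listener in the debug output above does with detail-auth.work, so the server is never appending to the file being parsed.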